International Cybersecurity Norms

International cybersecurity normsInternational Cybersecurity NormsMicrosoft Policy PapersThe case for international cybersecurity normsAs societies expand their digital footprint, increasing connectivity among citizens, businesses, and governments, the world has also seen a concomitant increase in cyber incidents.At times, the attackers’ motivations are financial, not unlike criminal behavior in the “physical world.”The past several years have shown a new trend. Increasingly, states use the Internet to advance tried and true tenets of intelligence or even military operations: espionage, reconnaissance, and even sabotage. As the pace of activity in cyberspace increases, so does the likelihood of one state misinterpreting the actions of another.Moreover, the risk of a cyber-arms race cannot be discounted.

As more nation states include offensive and defensive cyber capabilities in their intelligence and military planning, there are few international rules to guide or constrain the use of such capabilities. Offensive cyber activities in particular have the potential for unintended consequencesincluding the possible escalation of hostilities from cyberspace to the physical world. In today’s internet dependent world this represents an unacceptable risk. It would be naïve tohope that states should fully pull back their military operations from the Internet. Nevertheless, just as there are universally accepted norms of behavior in other realms of conflict, it is no less important to establish norms for cybersecurity. These norms should not only strengthen cybersecuritybut also preserve the values of a globally connected society.